CVE-2013-4536 Vulnerability Details

  /     /     /  

CVE-2013-4536 Metadata Quick Info

CVE Published: 28/05/2021 | CVE Updated: 06/08/2024 | CVE Year: 2013
Source: redhat | Vendor: n/a | Product: qemu
Status : PUBLISHED

---

CVE-2013-4536 Description

An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-269
CWE Name: CWE-269
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).